CISA News Tips & Alerts

Let Us Create A Free Data Management Plan For You!

Get your data connected to an IT STAR!

StarDM is not affiliated with nor a partner of CISA – This information is provided as a convenience for informational purposes only

CISA Releases Software Bill of Materials (SBOM) Sharing Lifecycle Report

CISA has released the SBOM Sharing Lifecycle Report to the cybersecurity and supply chain community. The purpose of this report is to enumerate and describe the different parties and phases of the SBOM Sharing Lifecycle and to

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address vulnerabilities affecting Junos OS, Paragon Active Assurance (PAA), and Juniper Secure Analytics (JSA) Series. An attacker could exploit some of these vulnerabilities to take control of an affected

Shifting the Balance of Cybersecurity Risk: Security-by-Design and Default Principles

Shifting the Balance of Cybersecurity Risk: Security-by-Design and Default Principles serves as a cybersecurity roadmap for manufacturers of technology and associated products. With recommendations in this guide, manufacturers are urged to put cybersecurity first, during

Microsoft Releases Guidance for the BlackLotus Campaign

Microsoft has released Guidance for investigating attacks using CVE-2022-21894: The BlackLotus Campaign. According to Microsoft, “[t]his guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors

Fortinet Releases April 2023 Vulnerability Advisories

Fortinet has released its April 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-27876 Veritas Backup Exec Agent File Access Vulnerability CVE-2021-27877 Veritas Backup Exec Agent Improper Authentication Vulnerability CVE-2021-27878 Veritas Backup Exec Agent

CISA Adds Ten Known Exploited Vulnerabilities to Catalog

CISA has added ten new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2013-3163 Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2014-1776 Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2017-7494 Samba Remote Code Execution Vulnerability CVE-2022-42948 Fortra

Samba Releases Security Updates for Multiple Versions of Samba

The Samba Team has released security updates addressing vulnerabilities in multiple versions of Samba. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the

Mozilla Releases Security Update for Thunderbird 102.9.1

Mozilla has released a security update to address vulnerabilities in Thunderbird 102.9.1. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s Thunderbird